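android: generating an app signing certificate with keytool (java 15)
I. Check whether keytool is installed
The keytool program is located in the bin/ directory of the JDK installation.
1. Check whether the keytool command is installed: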
[lhdop@blog ~]$ ls /usr/local/soft/jdk-17/bin/keytool
/usr/local/soft/jdk-17/bin/keytool
2. View the help: list the available commands
[lhdop@blog ~]$ keytool --help
Key and Certificate Management Tool
Commands:
 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore
 -showinfo           Displays security-related information
Use "keytool -?, -h, or --help" for this help message
Use "keytool -command_name --help" for usage of command_name.
Use the -conf <url> option to specify a pre-configured options file.
3. View the help for one command, e.g. list the options of the genkey command:
[lhdop@blog keystore]$ keytool -genkey --help
keytool -genkeypair [OPTION]...
Generates a key pair
Options:
 -alias <alias>          alias name of the entry to process
 -keyalg <alg>           key algorithm name
 -keysize <size>         key bit size
 -groupname <name>       Group name. For example, an Elliptic Curve name.
 -sigalg <alg>           signature algorithm name
 -dname <name>           distinguished name
 -startdate <date>       certificate validity start date/time
 -ext <value>            X.509 extension
 -validity <days>        validity number of days
 -keypass <arg>          key password
 -keystore <keystore>    keystore name
 -storepass <arg>        keystore password
 -storetype <type>       keystore type
 -providername <name>    provider name
 -addprovider <name>     add security provider by name (e.g. SunPKCS11)
   [-providerarg <arg>]    configure argument for -addprovider
 -providerclass <class>  add security provider by fully-qualified class name
   [-providerarg <arg>]    configure argument for -providerclass
 -providerpath <list>    provider classpath
 -v                      verbose output
 -protected              password through protected mechanism
Use "keytool -?, -h, or --help" for this help message
II. Generate the keystore
1. Run the genkey command
[lhdop@blog keystore]$ keytool -genkey -alias poem -keyalg RSA -keysize 2048 -validity 36500 -keystore poem.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  liuhongdi
What is the name of your organizational unit?
  [Unknown]:  liuhongdi
What is the name of your organization?
  [Unknown]:  liuhongdi
What is the name of your City or Locality?
  [Unknown]:  beijing
What is the name of your State or Province?
  [Unknown]:  beijing
What is the two-letter country code for this unit?
  [Unknown]:  86
Is CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86 correct?
  [no]:  y
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36,500 days
        for: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
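Remember the password entered here.
2. Parameter description:
-genkey: generates a certificate
-alias: the alias of the certificate; usually the same as the keystore file name, but it may differ. It is the unique alias associated with the keystore and is not case-sensitive.
-keyalg: the algorithm used to generate the key; RSA is used here (available key algorithms: RSA, DSA (default), EC)
-validity: the validity period of the generated certificate in days; we set it to 36500 days
-keysize: the key length (by keyalg: `RSA=2048`, `DSA=2048`, `EC=256`)
-keystore: the name of the keystore file
3. Explanation of the codes:
- CN = domain name or IP (Common Name)
- OU = organizational unit name (Organization Unit)
- O = organization name (Organization Name)
- L = city or locality name (Locality Name)
- ST = state or province name (State Name)
- C = country abbreviation (Country; CN stands for China)
4. View the generated keystore file: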
[lhdop@blog keystore]$ ls poem.keystore
III. Query the keystore information:
[lhdop@blog keystore]$ keytool -list -v -keystore poem.keystore
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: poem
Creation date: Apr 14, 2023
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
Issuer: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
Serial number: 8028dc6750c99e58
Valid from: Fri Apr 14 09:33:04 CST 2023 until: Sun Mar 21 09:33:04 CST 2123
Certificate fingerprints:
         SHA1: A1:23:05:8A:5E:3B:9C:8D:03:E5:F5:CB:67:E8:A7:8A:4C:92:07:A2
         SHA256: 0F:40:91:72:FD:5A:F2:04:2F:38:1E:80:7F:87:C2:96:44:5B:BD:1F:BA:11:FB:FF:15:7F:55:77:FC:24:AB:C9
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C5 B9 7B C9 EA 27 8A 9D   86 49 AB 19 C7 18 F0 91  .....'...I......
0010: 13 52 CB 40                                        .R.@
]
]
*******************************************
*******************************************
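An added example (not part of the original post): a Python check over `keytool -list -v` output that flags properties a signing keystore should have before it is used for releases. The sample text is constructed from the listing above; the function names and thresholds are assumptions of this example, the default cut-off date follows Google Play's documented requirement that a signing key stay valid past 22 October 2033, and English-locale keytool output is assumed.

```python
import re
import sys
from datetime import date

# Constructed sample: the relevant lines of the `keytool -list -v` output shown above.
SAMPLE = """\
Alias name: poem
Entry type: PrivateKeyEntry
Owner: CN=liuhongdi, OU=liuhongdi, O=liuhongdi, L=beijing, ST=beijing, C=86
Valid from: Fri Apr 14 09:33:04 CST 2023 until: Sun Mar 21 09:33:04 CST 2123
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
"""
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def field(text, pattern):
    """First capture group of the first match, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else None

def audit(text, must_outlive=date(2033, 10, 22), min_rsa_bits=2048):
    """Audit the first entry of a `keytool -list -v` dump; returns (summary, findings)."""
    findings = []
    if field(text, r"^\s*Entry type: (\S+)") != "PrivateKeyEntry":
        findings.append("entry holds no private key, so it cannot sign")
    # Naive DN split: sufficient for DNs without escaped commas.
    owner = field(text, r"^\s*Owner: (.+)$") or ""
    dn = dict(p.strip().split("=", 1) for p in owner.split(",") if "=" in p)
    country = dn.get("C")
    if not re.fullmatch(r"[A-Za-z]{2}", country or ""):
        findings.append(f"C={country} is not a two-letter country code")
    sig = field(text, r"^\s*Signature algorithm name: (\S+)") or ""
    if sig.upper().startswith(("SHA1", "MD5", "MD2")):
        findings.append(f"weak signature algorithm {sig}")
    k = re.search(r"Subject Public Key Algorithm: (\d+)-bit (\w+)", text)
    key = (k.group(2), int(k.group(1))) if k else None
    if key and key[0] == "RSA" and key[1] < min_rsa_bits:
        findings.append(f"RSA key of {key[1]} bits is below {min_rsa_bits}")
    # Java prints dates as "EEE MMM dd HH:mm:ss zzz yyyy"; the zone name is skipped.
    u = re.search(r"until: \w{3} (\w{3}) (\d{2}) [\d:]+ \S+ (\d{4})", text)
    expires = date(int(u.group(3)), MONTHS.index(u.group(1)) + 1, int(u.group(2))) if u else None
    if expires is None or expires <= must_outlive:
        findings.append(f"certificate expiry {expires} is not after {must_outlive}")
    summary = {"alias": field(text, r"^\s*Alias name: (.+)$"), "key": key, "expires": expires}
    return summary, findings

if __name__ == "__main__":
    # Pass a file holding real `keytool -list -v` output, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    summary, findings = audit(text)
    print(summary)
    for f in findings or ["no findings"]:
        print("-", f)
```

On the keystore from this page the only finding is the country field: the prompt asks for a two-letter code, and `86` was entered where `CN` is the code for China.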
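Note: 刘宏缔的架构森林 (Liu Hongdi's Architecture Forest) is a blog focused on architecture.
Website: https://blog.imgtouch.com
Original article: https://blog.imgtouch.com/index.php/2023/06/05/android-keytool-sheng-cheng-ying-yong-qian-ming-zheng-shu/
The corresponding source code is available here: https://github.com/liuhongdi/
or: https://gitee.com/liuhongdi
Note: Author: Liu Hongdi (刘宏缔), email: 371125307@qq.com
IV. Check the java version: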
[lhdop@blog keystore]$ java --version
java 15 2020-09-15
Java(TM) SE Runtime Environment (build 15+36-1562)
Java HotSpot(TM) 64-Bit Server VM (build 15+36-1562, mixed mode, sharing)